TIAPS Module 1 Audit and Assurance workbook

More documents

Recommendations

Info

Common controls for fraud relating to cash and financial transactions, for example, include: • Segregation of incompatible duties. Responsibility for custody of an asset, authorization for its deployment, and recording its usage should ideally be assigned to different individuals. Where this is not possible because of a shortage of resources then compensating controls, including increased supervision, regular reconciliations, stock takes, and scrutiny by inspectors and auditors, should be applied. • Centralization of cash collection points. • Individual cash drawers for each employee responsible for collecting money to assist with traceability and accountability for errors and fraud. • Endorsing checks when they are received to limit opportunities for misuse. • Maintaining sequential receipts. • Timely recording of transactions. • Timely deposits of cash. • Physical security of blank checks. • Regular reconciliations. Figure: Segregation of Incompatible Duties Many of the controls described above are needed for managing risks related to human, system, and process errors as well as the possibility of fraud. To ensure the general integrity of the control environment, there should be clear tone at the top, a well-defined code of conduct to confirm behavioral expectations, consistent and timely handling of breaches, continuous awareness raising and regular training, documented policies and processes, and opportunities for anonymous whistleblowing. A defining characteristic of fraud is that such acts are deliberate. Frauds are not errors caused by bad luck or incompetence. Individuals acting alone or with others usually have a need or an incentive (motivation) to commit fraud (such as economic or social hardship, ambition, or duress), identify an opportunity to take an unfair and unwarranted advantage of 60
circumstances (unethical and often but not always illegal), and tend to provide a rationalization to themselves and anyone else (such as when they are caught) in terms of their needs or perceived entitlement (“everyone else is doing it,” “the organization deserves it for having weak controls,” “it’s only $100,” “I need it more than they do,” “it’s a victimless crime,” etc.). Often individuals start committing fraud with a small value or with the intention of only doing it once but the temptation and the rationalization increase. Motivation, opportunity, and rationalization are the key elements of the fraud risk triangle and provide a basis for considering appropriate controls for each of these dynamics. Organizations must: • Reduce motivation (through ethical training and by addressing signs of stress). • Limit opportunity (through awareness raising and segregation of incompatible duties, for example). • Combat potential rationalization (through being seen to take fraud seriously, dealing with incidents fairly and swiftly, and providing fair compensation to all). Figure: Controls for the Primary Causes of Fraud (based on the Cressey Fraud Risk Triangle) The IIA Practice Guide: Internal Audit and Fraud – Assessing Fraud Risk Governance and Management at the Organizational Level distinguishes three aspects an internal auditor must be aware of when evaluating risks and controls: • Fraud risks – the potential for fraud (which is ever-present). • Fraud schemes – active plans by individuals or groups to commit fraud. • Fraud events – where fraud has been committed. 56 56 IIA Practice Guide: Internal Audit and Fraud – Assessing Fraud Risk Governance and Management at the Organizational Level, 2nd edition, 2022. 61
Page 1 and 2:
Module 1: Audit and Assurance TIAPS
Page 3 and 4:
Table of Contents Module 1: Audit a
Page 5 and 6:
Relevant Standards Reference is mad
Page 7 and 8:
• Close scrutiny. The activities
Page 9 and 10: A.2 Public Sector Governance IIA In
Page 11 and 12: The need for governance arises for
Page 13 and 14: Although developed for government a
Page 15 and 16: A.3 Governance Models When evaluati
Page 17 and 18: defensive aspects to minimize negat
Page 19 and 20: A.3.3 CIPFA International Framework
Page 21 and 22: 8. Ensure that its arrangements for
Page 23 and 24: • Consideration of overlapping in
Page 25 and 26: A.3: Reflection Which model or mod
Page 27 and 28: Although they are related, the prin
Page 29 and 30: B.1.1 Independence, Objectivity, an
Page 31 and 32: B.1: Reflection Is it possible to
Page 33 and 34: According to The IIA Position Paper
Page 35 and 36: B.2: Reflection When was the last t
Page 37 and 38: When independence or objectivity ar
Page 39 and 40: B.4 Safeguards for Independence and
Page 41 and 42: In other cases, there is no audit c
Page 43 and 44: C. Assurance and Advisory Engagemen
Page 45 and 46: It is common to build an allowance
Page 47 and 48: The following list is taken from Sa
Page 49 and 50: helping managers developing control
Page 51 and 52: C.1.5 Internal Audit Opinions Audit
Page 53 and 54: Leadership and Communication Intern
Page 55 and 56: C.2 Auditing Governance The IIA Sup
Page 57 and 58: C.2: Reflection How does your inter
Page 59: Fraud may be perpetrated via measur
Page 63 and 64: Management Issues • Lack of area
Page 65 and 66: Risk management techniques can be a
Page 67 and 68: IT controls may be manual, automate
Page 69 and 70: The IIA’s Cybersecurity Toolkit d
Page 71 and 72: C.3: Reflection Fraud: How are susp
Page 73 and 74: Global Perspectives and Insights -
Page 75: CIPFA: 77 Mansell Street, London E1
show all

TIAPS Module 1 Audit and Assurance workbook

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?